Dr. Han Liu (刘晗 in Chinese) is now a postdoctoral scholar working with Prof. Shuai Wang and Prof. Daoyuan Wu, in Department of Computer Science and Engineering at the Hong Kong University of Science and Technology (HKUST). He obtained his Ph.D. dgree in Software Engineering Institute at East China Normal University (ECNU), under the supervision of Prof. Yixiang Chen. He is also a visiting student at Nanyang Technologial University under the supervision of Prof. Yang Liu during 2022-2024. His research interests include program analysis, vulnerability detection. He hopes to collaborate with more innovative researchers on various exciting topics in software engineering, program analysis, vulnerability detection, and program synthesis.

🔥 News

• 2024.09:  🎉🎉 I joined the Hong Kong University of Science and Technology as a postdoctoral scholar.
• 2024.07:  🎉🎉Our paper “PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software” was accepted by ISSTA 2024.
• 2024.07:  🎉🎉 Our paper “Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?” has won an ACM SIGSOFT Distinguished Paper award! 🏆
• 2024.05:  🎉🎉 Our paper “Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts” was accepted by Usenix Security 2024.
• 2024.05:  🎉🎉 I have passed my Ph.D thesis defense.
• 2024.04:  🎉🎉 Our paper “Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?” was accepted by FSE 2024.
• 2023.12:  🎉🎉 Our paper “GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis” was accepted by ICSE 2024.
• 2023.07:  🎉🎉 Our paper “Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java” was accepted by ESEC/FSE 2023.
• 2023.01:  🎉🎉 Our paper “A Comprehensive Study on Quality Assurance Tools for Java” was accepted by ISSTA 2023.
• 2022.02:  🎉🎉 I joined Nanyang Technological University as a visiting Ph.D. student.

📝 Selected Publications [Full List]

• PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software
  • Kaixuan Li, Jian Zhang, Sen Chen, Han Liu, Yang Liu, Yixiang Chen
  • The 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024)
• Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts
  • Han Liu, Daoyuan Wu, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, Yixiang Chen
  • Usenix Security 2024
  • Slides for Usenix Security 2024
  • ZepScope is now open-sourced. Find more at this website.
• Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?
  • Kaixuan Li, Yue Xue, Sen Chen, Han Liu, Kairan Sun, Ming Hu, Haijun Wang, Yang Liu, Yixiang Chen
  • The ACM International Conference on the Foundations of Software Engineering (FSE 2024)
  • ACM SIGSOFT Distinguished Paper award 🏆
• FineWAVE: Fine-Grained Warning Verification of Bugs for Automated Static Analysis Tools.
  • Han Liu, Jian Zhang, Cen Zhang, Xiaohan Zhang, Kaixuan Li, Sen Chen, Shang-Wei Lin, Yixiang Chen, Xinhua Li, Yang Liu.
  • Preprint
• LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs’ Vulnerability Reasoning
  • Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Wei Ma, Lyuye Zhang, Miaolei Shi, Yang Liu
  • Preprint
• GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis
  • Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, Yang Liu
  • The 46th IEEE/ACM International Conference on Software Engineering (ICSE 2024)
  • Slides for ICSE 2024
  • GPTScan is now open-sourced. Find more at this website.
• Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java
  • Kaixuan Li, Sen Chen, Lingling Fan, Ruitao Feng, Han Liu, Chengwei Liu, Yang Liu, Yixiang Chen
  • The 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023)
• A Comprehensive Study on Quality Assurance Tools for Java
  • Han Liu, Sen Chen, Ruitao Feng, Chengwei Liu, Kaixuan Li, Zhengzi Xu, Liming Nie, Yang Liu, Yixiang Chen.
  • The 32nd International Symposium on Software Testing and Analysis (ISSTA 2023)
• Survey on Trustworthiness Measurement for Artificial Intelligence Systems
  • Han Liu,Kaixuan Li, Yixiang Chen.
  • Ruan Jian Xue Bao/Journal of Software (in Chinese)

📖 Educations & Work Experience

• 2024.09 - Now, Postdoctoral scholar at Department of Computer Science and Engineering, the Hong Kong University of Science and Technology, Hong Kong, China.
• *2022.02 - 2024.02, visiting Ph.D. student at school of computer science and engineering, Nanyang Technological University, Singapore.
• 2019.09 - 2024.06, Ph.D student at Software Engineering Institute, East China Normal University, Shanghai, China.

📫 Services

• Junior PC: MSR 2024
• Sub-reviewer: Usenix Security 2025, ICSE-2025, NDSS-2025, ASE-2024, CCS-2024, ISSTA-2024, AISACCS-2024, WWW-2024, ASE-2023, FSE-2023, AILA 2023, FSE-2022, AILA 2022, Frontiers of Computer Science

🎖 Honors and Awards

• ACM SIGSOFT Distinguished Paper award, FSE 2024, 2024.
• Shanghai Outstanding Graduate Student, Shanghai Municipal Education Commission, 2024.
• Publicly Funded Postgraduate Scholarships, China Scholarship Council, 2022
• “HUAWEI CUP” 17th China Post-Graduate Mathematical Contest in Modeling 3rd Prize, 2020